A smart lucidity.

Thursday, January 10, 2013

Recently, security researcher Shahin Ramezany (of Abysssec) discovered a DOM-based XSS flaw in Yahoo! Mail that put its more than 400 million users at serious risk. He promised not to give out any details of the method until Yahoo! plugged the hole. Yahoo! then released an official statement saying that the issue had been fixed.

That is pleasant to read, but according to the security firm Offensive Security, the vulnerability is still very much there.

As it turns out, after Yahoo! claimed it had kicked the issue to the curb, researchers at Offensive Security got curious and wanted to test whether that was actually true, so they contacted Abysssec (Shahin Ramezany) about his method in order to test it again on their own. Their curiosity led to the discovery that, after a small modification to Abysssec's original method, Yahoo! Mail was still very much exploitable: the fix blocked the published payload, not the underlying flaw.
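To make the point about a narrow patch concrete, here is an added example that is not from the original post, from Yahoo!, or from Abysssec or Offensive Security: a generic DOM-based XSS sink (a URL fragment written into `innerHTML`), a hypothetical blocklist-style fix that strips only literal `<script>` tags, and the two fixes that actually hold (HTML-encoding the value, or writing it as text rather than markup). All function names, the filter, the `containsActiveMarkup` heuristic and the payloads are constructed for illustration and say nothing about what Yahoo!'s code did.

```javascript
// Added illustration of a DOM-based XSS sink, a brittle blocklist "fix", and two
// proper fixes. This is NOT Yahoo! Mail's code and NOT Abysssec's or Offensive
// Security's method; the sink, filter, and payloads are generic, constructed examples.

// Stand-in for a DOM element so the example runs under Node without a browser.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Untrusted source: the URL fragment (location.hash), stripped of its leading '#'.
function nameFromHash(hash) {
  return decodeURIComponent(hash.replace(/^#/, ''));
}

// Vulnerable pattern: attacker-controlled text flows straight into the innerHTML sink.
function renderVulnerable(el, hash) {
  el.innerHTML = '<h1>Welcome, ' + nameFromHash(hash) + '</h1>';
  return el.innerHTML;
}

// Brittle "fix" (hypothetical): strip literal <script> tags and nothing else.
// A small change to the payload (another tag, an event handler, nesting) gets past it.
function renderBlocklisted(el, hash) {
  const filtered = nameFromHash(hash).replace(/<\/?script>/gi, '');
  el.innerHTML = '<h1>Welcome, ' + filtered + '</h1>';
  return el.innerHTML;
}

// Proper fix 1: HTML-encode the untrusted value before it enters an HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderEscaped(el, hash) {
  el.innerHTML = '<h1>Welcome, ' + escapeHtml(nameFromHash(hash)) + '</h1>';
  return el.innerHTML;
}

// Proper fix 2: avoid the HTML sink entirely and write text, not markup.
function renderTextContent(el, hash) {
  el.textContent = 'Welcome, ' + nameFromHash(hash);
  return el.textContent;
}

// Rough check used below: does the markup contain a tag that can run script, or an
// event-handler attribute inside a tag? (A heuristic for this demo, not a sanitizer.)
function containsActiveMarkup(html) {
  return /<\s*(script|img|svg|iframe|object|embed)\b/i.test(html) ||
         /<[^>]*\son\w+\s*=/i.test(html);
}

// Constructed payloads: a plain script tag, an event-handler variant, and a nested
// variant that reassembles into a script tag after the blocklist strips the inner one.
const PAYLOADS = [
  '#<script>alert(1)</script>',
  '#<img src=x onerror=alert(1)>',
  '#<scr<script>ipt>alert(1)</scr</script>ipt>',
];

// Run every payload through every renderer; for each renderer, returns one boolean
// per payload saying whether active markup survived.
function evaluate(payloads = PAYLOADS) {
  const renderers = {
    vulnerable: renderVulnerable,
    blocklisted: renderBlocklisted,
    escaped: renderEscaped,
  };
  const results = {};
  for (const [name, render] of Object.entries(renderers)) {
    results[name] = payloads.map((p) => containsActiveMarkup(render(makeElement(), p)));
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(evaluate());
}
```

Run it with `node` and the `blocklisted` row is the whole story: the original payload is stopped, but the event-handler and nested variants still produce executable markup, which is exactly the "small modification to the original method" situation. The practical check when someone claims a fix is therefore never just the published payload; retest with its variants, and prefer an output-encoding or text-only fix over a pattern filter.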

Following strictly in Shahin's footsteps, the Offensive Security team released a video of their own. Let's have a look at it.

Meanwhile, we recommend the same thing we did last time. Yahoo! users should be careful about what they click on, including random links and mails from friends or known contacts, since a DOM-based XSS payload rides in a crafted link and the sender's account may itself be compromised. If you think your account has been compromised, change the account's password. Be alert, be safe!